
Protocol Path Sanitisation

Open jmannau opened this issue 1 year ago • 0 comments

In regard to securely handling custom protocols, the Electron docs suggest preventing relative path traversal (https://www.electronjs.org/docs/latest/api/protocol#protocolhandlescheme-handler):

```javascript
// NB, this checks for paths that escape the bundle, e.g.
// app://bundle/../../secret_file.txt
const pathToServe = path.resolve(__dirname, pathname)
const relativePath = path.relative(__dirname, pathToServe)
const isSafe = relativePath && !relativePath.startsWith('..') && !path.isAbsolute(relativePath)
if (!isSafe) {
  return new Response('bad', {
    status: 400,
    headers: { 'content-type': 'text/html' }
  })
}

return net.fetch(pathToFileURL(pathToServe).toString())
```

How does this compare to the current protocol handler (https://github.com/reZach/secure-electron-template/blob/master/app/electron/protocol.js)?

Is there a benefit to one over the other? I am happy to make a PR to add comments explaining the benefits or to consolidate on the preferred option.

jmannau avatar Apr 17 '24 03:04 jmannau
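
An added example (not part of the issue, the Electron docs or secure-electron-template) that runs the containment check quoted above against constructed request URLs in plain Node, so the two handlers can be compared on the same inputs. `resolveInsideRoot`, `ROOT` and the sample URLs are assumptions, and the percent-decoding and leading-slash handling go beyond the quoted snippet.

```javascript
const path = require('node:path')

// Constructed bundle root for the demo; a real handler would use its own directory.
const ROOT = path.resolve('/opt/app/bundle')

// Hypothetical helper: map a custom-protocol URL to a file under `root`,
// or return null when the request must be rejected.
function resolveInsideRoot(root, requestUrl) {
  let pathname
  try {
    // Percent-decode before checking, so an encoded "..%2f" segment is
    // evaluated in the form the filesystem would see.
    pathname = decodeURIComponent(new URL(requestUrl).pathname)
  } catch {
    return null // unparsable URL or malformed percent-encoding
  }
  if (pathname.includes('\0')) return null // NUL is never valid in a file path
  // Drop leading separators: an absolute second argument makes
  // path.resolve ignore `root` entirely.
  const relativeRequest = pathname.replace(/^[/\\]+/, '')
  const pathToServe = path.resolve(root, relativeRequest)
  // Same containment test as the snippet quoted in the issue.
  const relativePath = path.relative(root, pathToServe)
  const isSafe = relativePath && !relativePath.startsWith('..') && !path.isAbsolute(relativePath)
  return isSafe ? pathToServe : null
}

// Constructed sample requests, not taken from any real application.
const SAMPLES = [
  'app://bundle/index.html',                // ordinary file
  'app://bundle/../../secret_file.txt',     // URL parser collapses ".." first
  'app://bundle/..%2f..%2fsecret_file.txt', // traversal only visible after decoding
  'app://bundle/%2fassets%2flogo.png',      // decodes to a leading "//"
  'app://bundle/',                          // the root itself (empty relative path)
  'app://bundle/%E0%A4%A'                   // malformed percent-encoding
]

// Returns [url, servedPath | null] pairs for the samples.
function demo() {
  return SAMPLES.map((url) => [url, resolveInsideRoot(ROOT, url)])
}

for (const [url, served] of demo()) {
  console.log(url, '->', served ?? 'rejected (400)')
}
```

The plain `../../` request is served from inside the root because `new URL()` has already removed the dot segments; only the encoded form reaches the containment check as a traversal.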